NamelessMC

Hi everyone,

Version 2.2.0 is now available! Another update with too many features to list, but the highlights include...

• Mass message system overhaul, including notification preferences ️
• Reactions system overhaul
• New session management page
• Profile widgets and new top/bottom widget locations
• Choose any page as your homepage
• New Twig template systems for template authors
• Blocked words list for forum posts
• Placeholder page overhaul, including the ability to re-order placeholders  
• Option to enable automatic deletion of users that have not activated their account after a period
• Option to enable two factor authentication whilst logging into the staff panel  
• Translation updates, including the addition of Persian (Iran), Serbian, Slovenian
• And of course, plenty of bug fixes

You should wait until your third party modules and templates are updated before updating to this new release.

Existing websites should upgrade through the StaffCP -> Update tab to ensure compatibility. New installations should download nameless-deps-dist from the GitHub release.

Thank you to all contributors who have helped to make this release possible, as we now move onto the development cycle for 2.3.0!

This is awesome!!!

The update broke my website, it is unusable.

DeCrys:

The update broke my website, it is unusable.

Make sure you click on Upgrade after uploading the files - if you didn't do this, head straight to yoursite.com/index.php?route=/panel/upgrade

It is also important that the files are uploaded correctly, in that directories are merged and not replaced, as not every file is included in the upgrade package, only those that have changed.

If you are still experiencing issues, and all that you see is an error page, you can try checking either the Nameless error file (cache/logs/fatal-log.log), or your web server error logs for further information.

I am encountering a persistent issue after updating my NamelessMC installation. Initially, I received an "Internal Server Error" (500). Through troubleshooting, I've identified that commenting out the line # Prevent Apache from removing the Authorization header, we need to check it for the API. followed by CGIPassAuth On in my .htaccess file resolves the "Internal Server Error".

However, when this line is commented out, the website loads but displays the "Sorry! Something went wrong while loading the page. Please contact the administrator." message, indicating an internal application error.

It seems there might be an incompatibility or a change in how the API authorization headers are handled in the updated version, potentially related to the CGIPassAuth On directive.

My current .htaccess file is as follows:

 Options +FollowSymLinks
 <IfModule mod_negotiation.c>
  Options -MultiViews
 </IfModule>
 Options -Indexes
 RewriteEngine on
 IndexIgnore *

 <IfModule mod_headers.c>
  Header append X-FRAME-OPTIONS "SAMEORIGIN"
 </IfModule>

 RewriteCond %{REQUEST_URI}::$1 ^(.*?/)(.*)::\2$
 RewriteRule ^(.*)$ - [E=BASE:%1]

 RewriteCond %{REQUEST_FILENAME} !-d

 RewriteRule ^avatar/([^/]+)/([^/]+)/(f|l|r|b|front|left|right|back)/?$ %{ENV:BASE}core/avatar/face.php?u=$1&s=$2&v=$3
 RewriteRule ^avatar/([^/]+)/(f|l|r|b|front|left|right|back)/?$ %{ENV:BASE}core/avatar/face.php?u=$1&v=$2
 RewriteRule ^avatar/([^/]+)/([^/]+)/?$ %{ENV:BASE}core/avatar/face.php?u=$1&s=$2
 RewriteRule ^avatar/([^/]+)/?$ %{ENV:BASE}core/avatar/face.php?u=$1 [L]

 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteCond %{REQUEST_FILENAME} !-d

 RewriteRule ^(.*)$ %{ENV:BASE}index.php?route=/$1  [NC,L,QSA]

 # Prevent access to template files
 <files "*.tpl">
  Deny from all
 </files>

 # Prevent access to GeoIP database
 <files "*.mmdb">
  Deny from all
 </files>

 # Prevent access to log files
 <files "*.log">
  Deny from all
 </files>

 # Prevent Apache from removing the Authorization header, we need to check it for the API.
 CGIPassAuth On

Could you please investigate this issue? It seems the handling of API authorization in the updated version might need review, especially concerning the .htaccess configuration.

Thank you for your time and assistance.

@DeCrys thanks for the detailed message.

If CGIPassAuth is causing an issue, it suggests that your Apache version is not recent enough to support it -  Apache should be at least version 2.4.13 for CGIPassAuth.

When this line is commented out, and you are seeing the Nameless error screen, the file cache/logs/fatal-log.log should provide further information as to what is failing - it is likely unrelated to the htaccess issue.